IP Networking

Hi

I've stumbled over something that caught my attention but I'm not familiar enough with IPs to know if this is suspect or irrelevant. If you'd take the time to read and respond I'd greatly appreciate it. I'm just stumped.

I've done a site for some people (4 in the group) awhile ago and set up a simple stats tracker on the site, and have checked it fairly regularly since it was launched...however, the group hit some unstable times so the site itself has been left unfinished. At any rate, checking the stats, I see 4 different IPs, 3 of which are from aol, and show 3 distinct IPs with the last segment #'d out so I have no idea of the last number/s. We're all local, same 2 cities.

One of the group sent an email awhile back shortly after the site was done and I noticed in the headers the IP showed as being the same as one on their site stats. Another was sent, and I saw the same initial base of the IP but the last 2 segments were different. At any rate, this one was the only one showing on the stats page with these specific numbers so I concluded that IP belonged to that person, and by deduction really on the others based on times I knew they were actively on the site, figured out which belonged to which.


On one of my personal sites the email sender was directed to it specifically, so when they checked, I saw the same IP show up on my stats at that time.

Now fast forward a year later just about. I have since gotten a new site with a forum but the forum is remote hosted. In September I scrapped the entire forum, cleaned the member rolls, topics and basically started over with a new subject matter. I even reset the stats counter. In the last 2 weeks people have been showing up, both from my personal advertising links on a blog and former site, but also from the open hosted forum. In the last 3 weeks of trying to add new content posts to the forum new people began signing up, registering. Half of them are re-registered from the last incarnation. No problem.

Last week, an incident happened between myself and the email sender mentioned above - nothng bad, just curious to me - and I'd been waiting on a response on some business from them. Three days later, I'd been checking the forum member list and noticed - of my 19 new members - that one of them had a curious username, which was why I checked the profile. The email used was from aol but the way it had been structured was similar to the email sender's known address, also from aol. Just as I was about to X out, I noticed the IP number....and it was the very same IP number that appeared in the group's site stats, as well as containing the same base in the email sender's headers. The sender does use aol as the isp, and not aol web based email.

The IP resolves to aol in Virginia so I can't get a localized version regardless, so I typed the forum IP, containing the last segment (it shows as # in the site stats, not the whole thing), and eventually discover the same IP is apparently being used all over the place, even search results from several years ago from all sorts of people all over the country.

I'm not sure what to think but my original toss was wondering if it's just some random aol user that just happened to appear on the forum and register, using an aol username style strikingly similar to the senders, or could this be the same person that sent the email, that's part of the group, since in the case of the forum, the subject matter is very specific, it's not an all purpose forum, nor is the target audience the general public, however the topic periodically addresses the members of the group. On the other hand, the forum still belongs to me, the one who created a site for this group, so the IP seemed too relevant to me, rather than "random."

If the email header IP shows as, for example, 123.456.78.900 (for email) specifically, this same IP shows up in the group's stats as 123.456.78.# - while the other aol users who appeared would have their IPs as 098.765.432.1 or 23.456.78.9 - distinctive, and on the specific arrival logged on my site a year ago as 123.456.78.# when I knew sender was on the site, and then showing up on the forum is 123.456.78.90 ....from aol...however, apparently aol doles out 123.456.78.90 to millions of people??

Could this be the same person? It *feels* like it's such an obvious "duh" yeah, but when I learned that aol doles it out it made me question it.

Also, just for the official record about my personal site stats and aol visitors, for every 300 people only about 2 of them actual are using aol. I've checked my stats regularly enough to pick up that aol users apparently aren't the norm on the site. Even the new tracker I installed on the forum showed 35 people in about an hour and none of them were aol users.

Coincidence? Random? Am I missing something or staring straight at it?

Thank you so much and I apologize for the length...I just would like to know so I don't jump to any conclusions unnecessarily.

Hey thanks. That cleared that right up.

Site admins hate AOL since there is little consistent about their IP addresses. It's difficult to ban one AOL user without banning all of AOL.

I realize that - I wasn't intending on banning anyone. I'm trying to detemine whether when I see an IP# from aol on 3 different stat logs relevant to me specifically as being - for example 123.456.78.# (service doesn't show the rest), when I had specific knowledge said specific computer user was visiting the site in a specific timeframe (thus confirming at least that this computer's IP was 123.456.78.# regardless), and then later see a new member from aol with a similar username style to the 123 user, who ALSO shows an IP# as being 123.456.78.90 that it'd be the same computer accessing the sites and the forum. I realize that 50 different people could be using one computer pulling up the sites at any given time - not what I'm asking. In this particular case, however, it would be just one person at the same computer, with an IP# of 123.456.78.# and now I see a new member with the IP# 123.456.78.90 showing up on the forum.

Same computer (user)? Or warped random fluke of nature?


I know it was rather long but I wanted to at least provide enough details. What I'm not looking for is confirming THAT it appears to be a coincidence or appears suspicious - I know that, which is why I came to ask I'm looking for what would be the correct assessment in this circumstance, based on how IP numbers are assigned. It would seem to me that if 5000 people in any given area are assigned the same IP of 123.456.78.90 then trying to log stats is pointless - could be anybody or could be one. Or could be 400 different people. I'd always been under the impression (since it's always explained using the analogy) that IPs are similar in nature to a phone number - one number, one computer - as opposed to IPs being similar to an "area code" where it could be any number of people in that location.

Which is the correct way to recognize the relevance of IPs, and a single IP showing up consistently in 3 different cases as KNOWN to be someone specific, and having the same IP show up on a 4th location, can it be correct to say it's the same person there too?

Thanks again and I do appreciate that you replied.

This is only literally true for static IP addresses; these don't change. Many ISP's deny these to their base customers so they can charge them exorbatant amounts of money for them; as a result, most people's IP's are dynamic -- when their computer turns on, it's given some random address from a pool of free ones. People may be in fact forced to change their IP once in a while even when they don't reboot. It causes great disruption if you're trying to serve anything, especially with respect to domain names.

Some people don't even get real IP's at all, just NAT-translated ones behind a firewall like 192.168.x.x. This lets an ISP farm out one IP to many users.

Given that AOL users are dialup(last I heard they were terminating their broadband service), they're pretty much guaranteed to be dynamic addresses. Dial in, get a random IP...

No, there's no way to tell static and dynamic addresses apart. They're all just numbers.